spear-phishing

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)

2024-11-14 at 12:02, by Zeljka Zorz

CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all supported Windows versions […]

Aerospace employees targeted with malicious “dream job” offers

2024-11-13 at 12:49, by Zeljka Zorz

It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused social

Industrial companies in Europe targeted with GuLoader

2024-11-07 at 15:48, by Zeljka Zorz

A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish.

Russian hackers deliver malicious RDP configuration files to thousands

2024-10-30 at 12:49, by Zeljka Zorz

Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military

2024-09-17 at 13:01, by Ionut Arghire

Chinese national Song Wu allegedly sent spear-phishing emails to NASA, Air Force, Navy, Army, and FAA employees. The post DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military appeared first on SecurityWeek. This article is an

Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks 

2024-08-16 at 16:16, by Ionut Arghire

Multiple Russian, Belarusian, and Western entities perceived as Russia’s enemies have been targeted in two recent spear-phishing campaigns. The post Western, Russian Civil Society Targeted in Sophisticated Phishing Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

2024-07-16 at 16:46, by Zeljka Zorz

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency

2024-07-12 at 17:31, by Ionut Arghire

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization. The post CISA Red Team Exercise Finds Critical Vulnerabilities in Federal Civilian Agency appeared first on SecurityWeek.

Cyberespionage Campaign Targets Government, Energy Entities in India

2024-03-28 at 17:17, by Ionut Arghire

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Attackers are targeting financial departments with SmokeLoader malware

2024-03-22 at 08:31, by Helga Labus

Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42 research

Recruiters, beware of cybercrooks posing as job applicants!

12/12/2023 at 16:46, by Zeljka Zorz

Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets people

Bracing for AI-enabled ransomware and cyber extortion attacks

24/10/2023 at 07:37, by Help Net Security

AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to

State-sponsored APTs are leveraging WinRAR bug

18/10/2023 at 18:21, by Zeljka Zorz

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 was patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers

10/10/2023 at 17:03, by cybleinc

CRIL analyzes Mythic’s Athena Agent targeting Russian Semiconductor suppliers via spear-phishing emails. The post Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers appeared first on Cyble. This article is an excerpt from Cyble View Original Source

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

02/10/2023 at 11:48, by Help Net Security

Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram,

Attackers hit software firm Retool to get to crypto companies and assets

14/09/2023 at 18:17, by Zeljka Zorz

Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry. According to

North Korean hackers targeted tech companies through JumpCloud and GitHub

21/07/2023 at 16:03, by Helga Labus

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusion On June 27, JumpCloud

VirusTotal leaked data of 5,600 registered users

18/07/2023 at 15:47, by Helga Labus

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). VirusTotal data leak exposed exploitable information Google-owned

Organizations spend 100 hours battling post-delivery email threats

30/05/2023 at 06:11, by Help Net Security

Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least
